Vendor CVEs
Janobe
All CVEs
155 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2023-5278 | 0.00 | — | 0.01 | Sep 29, 2023 | A vulnerability, which was classified as critical, was found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username/password leads to sql injection. It is possible to launch the attack… |
| CVE-2023-5277 | 0.00 | — | 0.01 | Sep 29, 2023 | A vulnerability, which was classified as critical, has been found in SourceCodester Engineers Online Portal 1.0. This issue affects some unknown processing of the file student_avatar.php. The manipulation of the argument change leads to unrestricted upload. The attack may be… |
| CVE-2023-5276 | 0.00 | — | 0.01 | Sep 29, 2023 | A vulnerability classified as critical was found in SourceCodester Engineers Online Portal 1.0. This vulnerability affects unknown code of the file downloadable_student.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The… |
| CVE-2023-3059 | 0.00 | — | 0.01 | Jun 2, 2023 | A vulnerability, which was classified as critical, was found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /admin/update_s6.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack… |
| CVE-2023-27241 | 0.00 | — | 0.00 | Mar 27, 2023 | SourceCodester Water Billing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the lastname text box under the Add Client module. |
| CVE-2023-1397 | 0.00 | — | 0.01 | Mar 14, 2023 | A vulnerability classified as problematic has been found in SourceCodester Online Student Management System 1.0. Affected is an unknown function of the file profile.php. The manipulation of the argument adminname leads to cross site scripting. It is possible to launch the attack… |
| CVE-2023-27213 | 0.00 | — | 0.01 | Mar 9, 2023 | Online Student Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /eduauth/student/search.php. |
| CVE-2023-1099 | 0.00 | — | 0.01 | Feb 28, 2023 | A vulnerability was found in SourceCodester Online Student Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file eduauth/edit-class-detail.php. The manipulation of the argument editid leads to sql injection. The… |
| CVE-2023-25431 | 0.00 | — | 0.00 | Feb 28, 2023 | An issue was discovered in Online Reviewer Management System v1.0. There is an XSS vulnerability via reviewer_0/admins/assessments/course/course-update.php. |
| CVE-2023-1038 | 0.00 | — | 0.01 | Feb 26, 2023 | A vulnerability classified as critical has been found in SourceCodester Online Reviewer Management System 1.0. Affected is an unknown function of the file /reviewer_0/admins/assessments/pretest/questions-view.php. The manipulation of the argument id leads to sql injection. It is… |
| CVE-2021-34249 | 0.00 | — | 0.01 | Feb 24, 2023 | SQL injection vulnerability in sourcecodester online-book-store 1.0 allows remote attackers to view sensitive information via the id parameter in application URL. |
| CVE-2022-43082 | 0.00 | — | 0.00 | Nov 1, 2022 | A cross-site scripting (XSS) vulnerability in /fastfood/purchase.php of Fast Food Ordering System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the customer parameter. |
| CVE-2022-43081 | 0.00 | — | 0.01 | Nov 1, 2022 | Fast Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /fastfood/purchase.php. |
| CVE-2022-3671 | 0.00 | — | 0.01 | Oct 26, 2022 | A vulnerability classified as critical was found in SourceCodester eLearning System 1.0. This vulnerability affects unknown code of the file /admin/students/manage.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit… |
| CVE-2022-38576 | 0.00 | — | 0.01 | Sep 19, 2022 | Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=deletecand&id=. |
| CVE-2022-38268 | 0.00 | — | 0.01 | Sep 8, 2022 | School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/autonumber/index.php?view=edit&id=. |
| CVE-2022-38267 | 0.00 | — | 0.01 | Sep 8, 2022 | School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/user/index.php?view=edit&id=. |
| CVE-2022-38260 | 0.00 | — | 0.01 | Sep 8, 2022 | Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=questiondelete&id=. |
| CVE-2022-38255 | 0.00 | — | 0.01 | Sep 8, 2022 | Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /interview/editQuestion.php. |
| CVE-2022-2685 | 0.00 | — | 0.01 | Aug 5, 2022 | A vulnerability was found in SourceCodester Interview Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /addQuestion.php. The manipulation of the argument question with the input leads to cross… |
| CVE-2022-2679 | 0.00 | — | 0.01 | Aug 5, 2022 | A vulnerability was found in SourceCodester Interview Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /viewReport.php. The manipulation of the argument id with the input (UPDATEXML(9729,CONCAT(0x2e,0x716b707071,(SELECT… |
| CVE-2022-31355 | 0.00 | — | 0.01 | Jun 17, 2022 | Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/index.php?q=category&search=. |
| CVE-2022-31356 | 0.00 | — | 0.01 | Jun 17, 2022 | Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/store/index.php?view=edit&id=. |
| CVE-2022-31357 | 0.00 | — | 0.01 | Jun 17, 2022 | Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/inventory/index.php?view=edit&id=. |
| CVE-2022-31329 | 0.00 | — | 0.01 | May 31, 2022 | Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/admin/orders/loaddata.php. |
| CVE-2022-31328 | 0.00 | — | 0.01 | May 31, 2022 | Online Ordering System By janobe 2.3.2 has SQL Injection via /ordering/admin/products/index.php?view=edit&id=. |
| CVE-2022-31327 | 0.00 | — | 0.01 | May 31, 2022 | Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/index.php?q=products&id=. |
| CVE-2022-31337 | 0.00 | — | 0.01 | May 31, 2022 | Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/category/index.php?view=edit&id=. |
| CVE-2022-31338 | 0.00 | — | 0.01 | May 31, 2022 | Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=. |
| CVE-2022-28993 | 0.00 | — | 0.02 | May 20, 2022 | Multi Store Inventory Management System v1.0 allows attackers to perform an account takeover via a crafted POST request. |
| CVE-2022-28420 | 0.00 | — | 0.01 | Apr 21, 2022 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via BabyCare/admin.php?id=theme&setid=. |
| CVE-2022-28423 | 0.00 | — | 0.01 | Apr 21, 2022 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&action=delete. |
| CVE-2022-28424 | 0.00 | — | 0.01 | Apr 21, 2022 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&find=. |
| CVE-2022-28432 | 0.00 | — | 0.01 | Apr 21, 2022 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=display&value=0&sid=2. |
| CVE-2022-28431 | 0.00 | — | 0.01 | Apr 21, 2022 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/siteoptions.php&social=remove&sid=2. |
| CVE-2022-28433 | 0.00 | — | 0.01 | Apr 21, 2022 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=display&value=Show&userid=. |
| CVE-2022-28434 | 0.00 | — | 0.01 | Apr 21, 2022 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=edit&sid=2. |
| CVE-2022-28435 | 0.00 | — | 0.01 | Apr 21, 2022 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/siteoptions.php&action=displaygoal&value=1&roleid=1. |
| CVE-2022-28437 | 0.00 | — | 0.01 | Apr 21, 2022 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=type&userrole=Admin&userid=3. |
| CVE-2022-28439 | 0.00 | — | 0.01 | Apr 21, 2022 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&&action=delete&userid=4. |
| CVE-2021-44090 | 0.00 | — | 0.01 | Jan 20, 2022 | An SQL Injection vulnerability exists in Sourcecodester Online Reviewer System 1.0 via the password parameter. |
| CVE-2021-44599 | 0.00 | — | 0.01 | Dec 23, 2021 | The id parameter from Online Enrollment Management System 1.0 system appears to be vulnerable to SQL injection attacks. A crafted payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The… |
| CVE-2021-43156 | 0.00 | — | 0.01 | Dec 22, 2021 | In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book. |
| CVE-2021-43437 | 0.00 | — | 0.01 | Dec 20, 2021 | In Sourcecodester Engineers Online Portal as of 10-21-21, an attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways. Very often multiple websites are hosted on the same IP address. This is where the Host… |
| CVE-2021-42671 | 0.00 | — | 0.20 | Nov 5, 2021 | An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server… |
| CVE-2021-42664 | 0.00 | — | 0.02 | Nov 5, 2021 | A Stored Cross Site Scripting (XSS) Vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the (1) Quiz title and (2) quiz description parameters to add_quiz.php. An attacker can leverage this vulnerability in order to run javascript commands on the web… |
| CVE-2020-36033 | 0.00 | — | 0.01 | Jul 22, 2021 | SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the id parameter to edituser.php. |
| CVE-2020-19114 | 0.00 | — | 0.02 | May 5, 2021 | SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code. |
| CVE-2020-23763 | 0.00 | — | 0.02 | Apr 9, 2021 | SQL injection in admin.php in Online Book Store 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication. |
| CVE-2020-35752 | 0.00 | — | 0.01 | Mar 10, 2021 | Baby Care System 1.0 is affected by a cross-site scripting (XSS) vulnerability in the Edit Page tab through the Post title parameter. |